RCE in Palo Alto Networks Expedition

CVE-2024-9464

An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, a…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.853 (99.4th percentile)

Frequently asked questions

What is CVE-2024-9464?
CVE-2024-9464 is a vulnerability in Palo Alto Networks Expedition, classified under OS Command Injection. It was published on 2024-10-09.

Is CVE-2024-9464 known to be exploited?
19 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.